Class: Chef::ReservedNames::Win32::Security::Token

Inherits:
Object
  • Object
Defined in:
lib/chef/win32/security/token.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(handle) ⇒ Token

Returns a new instance of Token.



# File 'lib/chef/win32/security/token.rb', line 29

# Wraps an existing token handle object.
#
# The argument is stored as given; nothing here validates it, duplicates it
# or opens a new handle.
#
# @param handle [Object] handle wrapper for the token. duplicate_token calls
#   +handle.handle+ on it, so it is presumably a Win32 Handle object -- confirm
#   against callers.
# @return [Token]
def initialize(handle)
  @handle = handle
end

Instance Attribute Details

#handle ⇒ Object (readonly)

Returns the value of attribute handle.



# File 'lib/chef/win32/security/token.rb', line 33

# Read-only accessor for the handle object given to the constructor.
#
# The same object is returned on every call (no copy is made), so anything
# holding the result shares the underlying token handle with this Token.
#
# @return [Object] the stored handle wrapper
def handle
  @handle
end

Instance Method Details

#adjust_privileges(privileges_struct) ⇒ Object



# File 'lib/chef/win32/security/token.rb', line 57

# Applies a prepared privileges structure to this token.
#
# The call is forwarded to Security.adjust_token_privileges only when the
# structure lists at least one privilege; otherwise nothing is changed.
# The structure is passed through untouched, so which privileges end up
# enabled or disabled is decided entirely by the caller -- this method adds
# no check of its own.
#
# @param privileges_struct [#[]] structure exposing +:PrivilegeCount+
# @return [Object, nil] the result of adjust_token_privileges, or nil when
#   the privilege count is not positive
def adjust_privileges(privileges_struct)
  return unless privileges_struct[:PrivilegeCount] > 0

  Chef::ReservedNames::Win32::Security.adjust_token_privileges(self, privileges_struct)
end

#duplicate_token(security_impersonation_level) ⇒ Object



# File 'lib/chef/win32/security/token.rb', line 63

# Creates a second token from this one through the Win32 DuplicateToken call.
#
# The impersonation level is forwarded to the API unvalidated. It governs
# what a holder of the duplicate can do on the original identity's behalf,
# so callers should pass the lowest level the consumer actually needs.
#
# @param security_impersonation_level [Object] value handed unchanged to
#   DuplicateToken (presumably a SECURITY_IMPERSONATION_LEVEL constant --
#   confirm against callers)
# @return [Token] a new Token wrapping the duplicated handle
# @raise whatever Chef::ReservedNames::Win32::Error.raise! raises when
#   DuplicateToken reports failure
def duplicate_token(security_impersonation_level)
  # Out-parameter that receives the new handle value.
  # NOTE(review): the buffer is sized and read as :ulong, while a Win32
  # HANDLE is pointer-sized; on 64-bit Windows those widths differ. Confirm
  # the buffer size and read width are adequate for the value written.
  new_handle_buffer = FFI::Buffer.new(:ulong)
  duplicated = Chef::ReservedNames::Win32::API::Security.DuplicateToken(
    handle.handle, security_impersonation_level, new_handle_buffer
  )
  # Error.raise! presumably raises by itself; the outer raise is kept as written.
  raise Chef::ReservedNames::Win32::Error.raise! unless duplicated

  Token.new(Handle.new(new_handle_buffer.read_ulong))
end

#enable_privileges(*privilege_names) ⇒ Object



# File 'lib/chef/win32/security/token.rb', line 35

# Attempts to enable the named privileges on this token.
#
# Every name is resolved to a LUID with LookupPrivilegeValueW. A name that
# does not resolve is skipped without raising, so the set submitted to
# adjust_token_privileges can be smaller than the set requested. This is
# best effort only: a normal return is not proof that any given privilege
# is now enabled, and later API calls that need it will fail if it is not.
#
# @param privilege_names [Array<#to_wstring>] names of privileges to enable
# @return [Object] the result of Security.adjust_token_privileges. The
#   original code names it old_privileges, so it is presumably the prior
#   privilege state that can be handed to adjust_privileges to restore it
#   once the privileged work is done -- confirm.
def enable_privileges(*privilege_names)
  security_api = Chef::ReservedNames::Win32::API::Security

  # Allocate a TOKEN_PRIVILEGES structure with room for every requested name.
  struct_size = security_api::TOKEN_PRIVILEGES.size_with_privileges(privilege_names.length)
  requested = security_api::TOKEN_PRIVILEGES.new(FFI::MemoryPointer.new(struct_size))
  requested[:PrivilegeCount] = 0

  privilege_names.each do |name|
    luid = security_api::LUID.new
    # Lookup failure is deliberately ignored; only resolved names get a slot.
    next unless security_api.LookupPrivilegeValueW(nil, name.to_wstring, luid)

    slot = requested.privilege(requested[:PrivilegeCount])
    slot[:Luid][:LowPart] = luid[:LowPart]
    slot[:Luid][:HighPart] = luid[:HighPart]
    slot[:Attributes] = security_api::SE_PRIVILEGE_ENABLED
    requested[:PrivilegeCount] += 1
  end

  # NOTE(review): unlike adjust_privileges, this call is made even when no
  # name resolved and PrivilegeCount is still 0.
  Chef::ReservedNames::Win32::Security.adjust_token_privileges(self, requested)
end